CVE-2026-45941
Analyzed Analyzed - Analysis Complete

Locality Leak in TPM I2C Infineon Driver

Vulnerability report for CVE-2026-45941, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-27

Last updated on: 2026-06-24

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure get_burstcount() can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of tpm_tis_i2c_send(). Use goto out_err to ensure proper cleanup when get_burstcount() fails.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-27
Last Modified
2026-06-24
Generated
2026-07-06
AI Q&A
2026-05-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 3.7 (inc) to 5.10.252 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

If the locality leak occurs, the TPM locality remains held and is not released properly. This can cause resource exhaustion or denial of service conditions within the TPM subsystem, potentially preventing other processes or operations from accessing the TPM correctly.

Such a leak could degrade system stability or security functions that rely on TPM, such as secure key storage or platform integrity measurements.

Executive Summary

This vulnerability exists in the Linux kernel's TPM (Trusted Platform Module) driver for Infineon TPM devices using the I2C interface. Specifically, the function get_burstcount() can fail by returning -EBUSY on a timeout. When this failure occurs, the function returns immediately without releasing the locality that was acquired earlier in the tpm_tis_i2c_send() function. This improper handling leads to a locality leak, meaning the TPM locality remains held and is not properly cleaned up.

The fix involves using a goto statement to an error handling label (out_err) to ensure that the locality is properly released even when get_burstcount() fails.

Mitigation Strategies

The vulnerability in the Linux kernel related to tpm_i2c_infineon involves a locality leak on get_burstcount() failure. To mitigate this vulnerability, you should update your Linux kernel to a version where this issue has been fixed.

Specifically, the fix ensures proper cleanup by using 'goto out_err' when get_burstcount() fails, preventing the locality leak.

Therefore, applying the latest kernel patches or upgrading to the fixed kernel version is the immediate step to mitigate this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45941. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart